Уязвимость CVE-2020-10878: Информация

Описание

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

Важность: HIGH (8,6) Вектор: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-10878
Опубликовано: 5 июня 2020 г.
Изменено: 7 ноября 2023 г.
Идентификатор типа ошибки: CWE-190

Исправленные пакеты

Имя пакета
Ветка
Исправлено в версии
Версия в репозитории
Errata ID
№ Задания
Состояние
perlsisyphus5.30.3-alt15.38.2-alt0.2ALT-PU-2020-2905-1259030Исправлено
perlp105.30.3-alt15.34.0-alt1ALT-PU-2020-2905-1259030Исправлено
perlp95.28.3-alt15.28.3-alt1ALT-PU-2020-3414-1261964Исправлено
perlc10f15.30.3-alt15.34.0-alt1ALT-PU-2020-2905-1259030Исправлено
perlc9f25.28.3-alt15.28.3-alt1ALT-PU-2020-3343-1261994Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка
Ресурс
https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3
  • Patch
  • Third Party Advisory
https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c
  • Patch
  • Third Party Advisory
https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8
  • Patch
  • Third Party Advisory
https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20200611-0001/
  • Third Party Advisory
GLSA-202006-03
  • Third Party Advisory
openSUSE-SU-2020:0850
  • Mailing List
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
  • Patch
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
  • Patch
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
  • Patch
  • Third Party Advisory
N/A
  • Patch
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
  • Patch
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
  • Patch
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
  • Patch
  • Third Party Advisory
FEDORA-2020-fd73c08076

      1. Конфигурация 1

        cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*
        End excliding
        5.30.3

        Конфигурация 2

        cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

        Конфигурация 3

        cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

        Конфигурация 4

        cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
        cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

        Конфигурация 5

        cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
        Start including
        8.0.0
        End including
        8.5.0
        cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*
        Start including
        7.4.0
        End including
        7.7.1
        cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.7:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.8:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.9:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*
        Start including
        13.1
        End including
        13.4
        cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*
        Start including
        16.1.0
        End including
        16.4.0
        cpe:2.3:a:oracle:sd-wan_aware:9.1:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:sd-wan_aware:9.0:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*
        Start including
        10.4.0.1.0
        End including
        10.4.0.3.1
        cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*
        Start including
        10.3.0.0.0
        End including
        10.3.0.2.1
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Версия: v24.5.1
    Наверх